Authentication Flaw in BIG-IQ High Availability by F5 Networks
CVE-2021-22995

7.5HIGH

Key Information:

Vendor: F5
Status: Big-iq
Vendor: CVE Published:; 31 March 2021

Summary

An authentication vulnerability exists in F5 Networks' BIG-IQ high availability feature when it utilizes a Quorum device for automatic failover. This issue permits unauthorized access by failing to implement any authentication measures with the Corosync daemon, potentially compromising the integrity of the high availability configuration. It is critical for users of BIG-IQ 6.x and 7.x versions to address this vulnerability immediately to avoid possible exploitation.

Affected Version(s)

BIG-IQ All 7.x and 6.x versions

References

https://support.f5.com/csp/article/K13155201

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 31, 2021
Vulnerability Reserved
Jan 6, 2021